CLI options for Local Scanner

The Aikido Security Local Scanner is a tool that enables you to perform Aikido Security scans within your environment, ensuring your code never leaves your premises. Below you can find the options that can be passed when running the local scanner.

Repository scanning

Usage: Aikido Selfscanner scan [options] <path>

Run a scan.

Arguments:
  path                                 The path you want to scan.

Options:
  --apikey <apikey>                    Apikey to send scanning results to Aikdo.
  --repositoryname <repositoryname>    Repo name to create or send results to.
  --branchname <branchname>            Branch name that is being scanned.
  --tmpdirectory <tmpdirectory>        Temporary directory to use during scanning. (default: "./.aikidotmp")
  --debug                              Add additional debug information to command output.
  --disable-artifact-scanning          Disable trivy rootfs scanning. Use to speed up scanning at the cost of not scanning artifacts such as .jar files.
  --secrets-scanning-full-git-history  Enable scanning the full Git history for secrets.
  --scanners [scanners...]             Specify which of the scanners should be executed. (choices: "trivy", "semgrep", "checkov", "syft", "gitleaks")
  --exclude <exclude_path>             Specify a file or folder path that should be excluded from the scan. This option may be specified multiple times. (default: [])
  --fail-on <severity>                 Runs scanner in release gating mode and fails on the given severity or higher. (choices: "low", "medium", "high", "critical")
  --gating-result-output <output>      JSON file to write issues to when running (release gating mode only)
  --no-fail-on-timeout                 Do not fail the process in case the scan result polling times out (release gating mode only)
  --max-polling-attempts <amount>      Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only)
  -h, --help                           display help for command
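
A release-gating wrapper for the repository scan, built only from the options listed above. This is an added example, not Aikido's own script: `SCANNER_BIN`, `AIKIDO_API_KEY`, `EXCLUDES` and the function names are assumptions of this sketch, and the default binary name is taken from the image-scan usage line.

```shell
#!/bin/sh
# Added example, not Aikido's own script. SCANNER_BIN, AIKIDO_API_KEY and
# EXCLUDES are names assumed here; the flags are the ones listed above.
SCANNER_BIN="${SCANNER_BIN:-aikido-local-scanner}"

# Accept only the severities documented for --fail-on.
valid_severity() {
  case "$1" in
    low|medium|high|critical) return 0 ;;
    *) return 1 ;;
  esac
}

# gated_scan <path> <repositoryname> <branchname> <severity> <report.json>
# Runs in a subshell so the IFS and globbing changes do not leak to the caller.
gated_scan() (
  scan_path=$1; repo=$2; branch=$3; severity=$4; report=$5

  # Take the key from the CI secret store via the environment instead of
  # hardcoding it in the pipeline file.
  if [ -z "${AIKIDO_API_KEY:-}" ]; then
    echo "AIKIDO_API_KEY is not set" >&2
    exit 2
  fi
  if ! valid_severity "$severity"; then
    echo "unsupported --fail-on value: $severity" >&2
    exit 2
  fi

  # Build the argument list in the positional parameters so that values
  # containing spaces stay intact.
  set -- scan --apikey "$AIKIDO_API_KEY" \
    --repositoryname "$repo" --branchname "$branch" \
    --fail-on "$severity" --gating-result-output "$report"

  # --exclude may be repeated: one flag per line of $EXCLUDES.
  set -f
  IFS='
'
  for ex in ${EXCLUDES:-}; do
    set -- "$@" --exclude "$ex"
  done

  # The scan path is the positional argument; the scanner's exit status
  # becomes the status of this function.
  "$SCANNER_BIN" "$@" "$scan_path"
)
```

Because `--apikey` places the key on the scanner's command line, keep shell tracing (`set -x`) off in the job that calls `gated_scan`.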

Image scanning

Usage: aikido-local-scanner image-scan [options] <image>

Run an image scan.

Arguments:
  image                            The image you want to scan.

Options:
  --apikey <apikey>                Apikey to send scanning results to Aikdo.
  --platform <platform>            Set platform (to pull arm64 image on a amd64 system for example)
  --debug                          Add additional debug information to command output.
  --fail-on <severity>             Runs scanner in release gating mode and fails on the given severity. (choices: "low", "medium", "high", "critical")
  --gating-result-output <output>  JSON file to write issues to when running (release gating mode only)
  --no-fail-on-timeout             Do not fail the process in case the scan result polling times out (release gating mode only)
  --max-polling-attempts <amount>  Amount of times to poll for scan results, increase this if the default value of 20 is not enough (release gating mode only)
  -h, --help                       display help for command